[ python-Bugs-696846 ] CGIHTTPServer doesn't quote arguments correctly on Windows.

SourceForge.net noreply at sourceforge.net
Sat Jun 5 15:23:20 EDT 2004


Bugs item #696846, was opened at 2003-03-03 16:06
Message generated for change (Comment added) made by akuchling
You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=696846&group_id=5470

Category: Python Library
Group: Python 2.2.2
>Status: Closed
>Resolution: Fixed
Priority: 5
Submitted By: Allan B. Wilson (allanbwilson)
>Assigned to: A.M. Kuchling (akuchling)
Summary: CGIHTTPServer doesn't quote arguments correctly on Windows.

Initial Comment:
In module CGIHTTPServer.py, in the section containing 
the following:

-----

        elif self.have_popen2 or self.have_popen3:
            # Windows -- use popen2 or popen3 to create a 
subprocess
            import shutil
            if self.have_popen3:
                popenx = os.popen3
            else:
                popenx = os.popen2
            cmdline = scriptfile
            if self.is_python(scriptfile):
                interp = sys.executable
                if interp.lower().endswith("w.exe"):
                    # On Windows, use python.exe, not 
pythonw.exe
                    interp = interp[:-5] + interp[-4:]
                cmdline = "%s -u %s" % (interp, cmdline)

-----

The final line, number 231 in my copy (version 0.4 in 
Python 2.2.2), doesn't handle filespecs with embedded 
spaces correctly. A script named, for example, "Powers 
of two.py" won't be found. This can be fixed by changing 
the quoting, namely to:

                cmdline = '%s -u "%s"' % (interp, cmdline)

so that the script name in cmdline is quoted properly.

Note that embedded spaces in interp could also cause 
problems (if Python were installed in C:\Program Files\ 
for example), but though adding "s around the first %s 
works for commands executed directly within Windows 
XP's cmd.exe, I couldn't get os.popen3 to handle them.

Thanks for your help.

Allan Wilson


----------------------------------------------------------------------

>Comment By: A.M. Kuchling (akuchling)
Date: 2004-06-05 15:23

Message:
Logged In: YES 
user_id=11375

Fixed in HEAD; closing.


----------------------------------------------------------------------

Comment By: Aaron Brady (insomnike)
Date: 2004-06-05 15:22

Message:
Logged In: YES 
user_id=1057404

The above isn't safe, and if the command is devoid of '=' or
'"', it's run with quotes (in CVS HEAD as of 05/Jun/2004).

----------------------------------------------------------------------

You can respond by visiting: 
https://sourceforge.net/tracker/?func=detail&atid=105470&aid=696846&group_id=5470



More information about the Python-bugs-list mailing list